The hacking group that stole 21.5 million records from the US Office of Personnel Management (OPM) has also breached the security of United Airlines, according to a report on Bloomberg.
The alleged hack, which remains unconfirmed by the airline, was reportedly discovered in June this year and has since been linked with a hacking group said to originate in China.
The group has also been blamed for the breach at US healthcare insurance firm Anthem that compromised a database holding up to 80 million customer health records.
United denied suggestions that it had suffered a data breach when asked for comment by V3.
"These reports are based on pure speculation, and we can assure our customers that their personal information is secure," said United spokesman Charles Hobart.
"We remain vigilant in protecting against unauthorised access, and use top advisors and best practices on cyber security to maintain our effectiveness."
However, if the reports of a breach are true, the evidence seems to suggest that the Chinese hacking group is amassing a huge cache of data largely focused on US citizens.
United holds a number of contracts with the US government, and the loss of data could be of interest to China as it may provide the ability to track people of interest via the stolen flight manifests and build up individual travel profiles.
Luke Brown, vice president and manager of Digital Guardian, said that the breach, if true, shows the importance of large companies properly protecting sensitive data.
"Reports indicate that flight manifests were among the items stolen during the breach, giving the hackers detailed passenger lists and flight destinations," he said.
"It sounds like something out of a Hollywood film, but in reality it is extremely concerning for all air travellers to think that this kind of information is now being targeted, particularly when the motives behind it are unknown."
Ryan Kalember, senior vice president of cyber security strategy at Proofpoint, noted that cyber attacks are now having significant real-world consequences.
"It is deeply concerning that adversaries have access to information that can effectively create a surveillance map of activities and patterns," he said.
"We have to assume that this group is working at least somewhat opportunistically. The success they've had is a call to action to step up defences against advanced threats, proactively protect critical information, and better equip security teams to respond quickly when compromises occur."
Mike Oppenheim, manager of threat intelligence at security firm FireEye, told The New York Times that his team has been tracking the China-based hacking group since 2013.
"Unlike other actors operating from China who conduct industrial espionage, take intellectual property or steal defence technology, this group has primarily targeted information that would enable it to build a database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China," he explained.
China has long denied any involvement in cyber attacks and state-sponsored hacking activities.
Foreign ministry spokesperson Lu Kang said when asked about Chinese involvement following the OPM hack in June that "maybe it is better to clarify one's own matters before rushing to make unfounded accusations against others".
V3 contacted the Chinese embassy in London for a comment, but had not received a reply at the time of publication.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal